No description, website, or topics provided.
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
test
.gitignore
.travis.yml
.yamllint
CONTRIBUTING.md
LICENSE
README.md
module.yml
package.json

README.md

Build Status NPM version

cfn-modules: AWS Auto Scaling Group singleton (Amazon Linux 2)

AWS Auto Scaling Group running a single EC2 instance based on Amazon Linux 2 with a fixed public IP address (Elastic IP), alerting, IAM user SSH access, following an immutable infrastructure approach (root volume can be replaced at any time).

Install

Install Node.js and npm first!

npm i @cfn-modules/asg-singleton-amazon-linux2

Usage

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Asg:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
        AlertingModule: !GetAtt 'Alerting.Outputs.StackName' # optional
        BastionModule: !GetAtt 'Bastion.Outputs.StackName' # optional
        HostedZoneModule: !GetAtt 'HostedZone.Outputs.StackName' # optional
        KeyName: '' # optional
        IAMUserSSHAccess: false # optional
        SystemsManagerAccess: true # optional
        InstanceType: 't2.micro' # optional
        Name: 'test' # optional
        AZChar: 'A' # optional
        SubnetReach: 'Public' # optional
        LogGroupRetentionInDays: 14 # optional
        SubDomainNameWithDot: 'test.' # optional
        UserData: '' # optional
        IngressTcpPort1: '' # optional
        IngressTcpPort2: '' # optional
        IngressTcpPort3: '' # optional
        ClientSgModule1: '' # optional
        ClientSgModule2: '' # optional
        ClientSgModule3: '' # optional
        FileSystemModule1: '' # optional
        AmazonLinux2Version: '2.0.20181114' # set this to the latest available version!
      TemplateURL: './node_modules/@cfn-modules/asg-singleton-amazon-linux2/module.yml'

Parameters

Name Description Default Required? Allowed values
VpcModule Stack name of vpc module yes
AlertingModule Stack name of alerting module no
BastionModule Stack name of module implementing Bastion no
HostedZoneModule Stack name of module implementing HostedZone no
KeyName Key name of the Linux user ec2-user to establish a SSH connection to the EC2 instance no
IAMUserSSHAccess Synchronize public keys of IAM users to enable personalized SSH access (https://github.com/widdix/aws-ec2-ssh)? false no [true, false]
SystemsManagerAccess Enable AWS Systems Manager agent and authorization true no [true, false]
InstanceType The instance type for the EC2 instance t2.micro no
Name The name for the EC2 instance auto generated value no
AZChar Availability zone char A no [A, B, C]
SubnetReach Subnet reach Public no [Public, Private]
LogGroupRetentionInDays Specifies the number of days you want to retain log events 14 no [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653]
SubDomainNameWithDot Name that is used to create the DNS entry with trailing dot, e.g. §{SubDomainNameWithDot}§{HostedZoneName}. Leave blank for naked (or apex and bare) domain. Requires HostedZoneModule parameter! test. no
UserData Bash script executed on first instance launch no
IngressTcpPort1 Port allowing ingress TCP traffic no
IngressTcpPort2 Port allowing ingress TCP traffic no
IngressTcpPort3 Port allowing ingress TCP traffic no
ClientSgModule1 Stack name of client-sg module module to mark traffic from EC2 instance no
ClientSgModule2 Stack name of client-sg module module to mark traffic from EC2 instance no
ClientSgModule3 Stack name of client-sg module module to mark traffic from EC2 instance no
FileSystemModule1 Stack name of efs-file-system module no
AmazonLinux2Version Version of Amazon Linux 2 2.0.20180622.1 no ['2.0.20181114', '2.0.20180622.1']

Limitations

  • Highly available: A single EC2 instance is running at a time (will be automatically replaced in case of failure)
  • Scalable: EC2 instances capacity (CPU, RAM, network, ...) is limited by design
  • Secure: Root volume is not encrypted at-rest (not possible unless the AMI is encrypted)
  • Secure: Root volume it not backed up
  • Monitoring: Network In+Out is not monitored according to capacity of instance type